### Minimal API Wrapper for MemoryVault

In [None]:
import requests
from typing import Optional, Dict, Any, List
from urllib.parse import urljoin

class MemoryVaultAPI:
    def __init__(self, base_url: str, api_key: str):
        """
        Initialize the MemoryVault API client.
        
        Args:
            base_url: Base URL of the API (e.g., 'http://localhost:8000/')
            api_key: API key for authentication
        """
        self.base_url = base_url.rstrip('/')
        self.session = requests.Session()
        self.session.headers.update({
            'X-API-Key': f'{api_key}',
            'Content-Type': 'application/json'
        })
    
    def _make_request(self, method: str, endpoint: str, **kwargs) -> requests.Response:
        """Make HTTP request to the API."""
        url = urljoin(self.base_url, endpoint)
        response = self.session.request(method, url, **kwargs)
        response.raise_for_status()
        return response
    
    # User Memory Methods
    def get_user_memories(self, status: Optional[str] = None, search: Optional[str] = None, 
                         ordering: Optional[str] = None, page: Optional[int] = None, 
                         page_size: Optional[int] = None) -> Dict[str, Any]:
        """List user's memories with optional filtering and pagination."""
        params = {}
        if status: params['status'] = status
        if search: params['search'] = search
        if ordering: params['ordering'] = ordering
        if page: params['page'] = page
        if page_size: params['page_size'] = page_size
        
        response = self._make_request('GET', '/api/memories/users/me/', params=params)
        return response.json()
    
    def create_user_memory(self, data: Dict[str, Any]) -> Dict[str, Any]:
        """Create a new user memory."""
        response = self._make_request('POST', '/api/memories/users/me/', json=data)
        return response.json()
    
    def get_user_memory(self, memory_id: str) -> Dict[str, Any]:
        """Get a specific user memory."""
        response = self._make_request('GET', f'/api/memories/users/me/{memory_id}/')
        return response.json()
    
    def update_user_memory(self, memory_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Update a user memory."""
        response = self._make_request('PATCH', f'/api/memories/users/me/{memory_id}/', json=data)
        return response.json()
    
    def delete_user_memory(self, memory_id: str) -> None:
        """Delete a user memory."""
        self._make_request('DELETE', f'/api/memories/users/me/{memory_id}/')
    
    # Team Memory Methods
    def get_team_memories(self, team_id: str, status: Optional[str] = None, 
                         search: Optional[str] = None, ordering: Optional[str] = None, 
                         page: Optional[int] = None, page_size: Optional[int] = None) -> Dict[str, Any]:
        """List team memories."""
        params = {}
        if status: params['status'] = status
        if search: params['search'] = search
        if ordering: params['ordering'] = ordering
        if page: params['page'] = page
        if page_size: params['page_size'] = page_size
        
        response = self._make_request('GET', f'/api/memories/teams/{team_id}/', params=params)
        return response.json()
    
    def create_team_memory(self, team_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Create a new team memory."""
        response = self._make_request('POST', f'/api/memories/teams/{team_id}/', json=data)
        return response.json()
    
    def get_team_memory(self, team_id: str, memory_id: str) -> Dict[str, Any]:
        """Get a specific team memory."""
        response = self._make_request('GET', f'/api/memories/teams/{team_id}/{memory_id}/')
        return response.json()
    
    def update_team_memory(self, team_id: str, memory_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Update a team memory."""
        response = self._make_request('PATCH', f'/api/memories/teams/{team_id}/{memory_id}/', json=data)
        return response.json()
    
    def delete_team_memory(self, team_id: str, memory_id: str) -> None:
        """Delete a team memory."""
        self._make_request('DELETE', f'/api/memories/teams/{team_id}/{memory_id}/')
    
    # Organization Memory Methods
    def get_org_memories(self, org_id: str, status: Optional[str] = None, 
                        search: Optional[str] = None, ordering: Optional[str] = None, 
                        page: Optional[int] = None, page_size: Optional[int] = None) -> Dict[str, Any]:
        """List organization memories."""
        params = {}
        if status: params['status'] = status
        if search: params['search'] = search
        if ordering: params['ordering'] = ordering
        if page: params['page'] = page
        if page_size: params['page_size'] = page_size
        
        response = self._make_request('GET', f'/api/memories/orgs/{org_id}/', params=params)
        return response.json()
    
    def create_org_memory(self, org_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Create a new organization memory."""
        response = self._make_request('POST', f'/api/memories/orgs/{org_id}/', json=data)
        return response.json()
    
    def get_org_memory(self, org_id: str, memory_id: str) -> Dict[str, Any]:
        """Get a specific organization memory."""
        response = self._make_request('GET', f'/api/memories/orgs/{org_id}/{memory_id}/')
        return response.json()
    
    def update_org_memory(self, org_id: str, memory_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Update an organization memory."""
        response = self._make_request('PATCH', f'/api/memories/orgs/{org_id}/{memory_id}/', json=data)
        return response.json()
    
    def delete_org_memory(self, org_id: str, memory_id: str) -> None:
        """Delete an organization memory."""
        self._make_request('DELETE', f'/api/memories/orgs/{org_id}/{memory_id}/')
    
    # Organization & Team Management Methods
    def get_user_organizations(self) -> List[Dict[str, Any]]:
        """List user's organizations."""
        response = self._make_request('GET', '/api/user/organizations/')
        return response.json()
    
    def create_organization(self, data: Dict[str, Any]) -> Dict[str, Any]:
        """Create a new organization."""
        response = self._make_request('POST', '/api/user/organizations/create/', json=data)
        return response.json()
    
    def get_organization_teams(self, org_id: str) -> List[Dict[str, Any]]:
        """List teams in an organization."""
        response = self._make_request('GET', f'/api/user/organizations/{org_id}/teams/')
        return response.json()
    
    def create_team(self, org_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Create a new team in an organization."""
        response = self._make_request('POST', f'/api/user/organizations/{org_id}/teams/', json=data)
        return response.json()
    
    def get_team_details(self, org_id: str, team_id: str) -> Dict[str, Any]:
        """Get team details."""
        response = self._make_request('GET', f'/api/user/organizations/{org_id}/teams/{team_id}/')
        return response.json()
    
    def update_team(self, org_id: str, team_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Update a team."""
        response = self._make_request('PUT', f'/api/user/organizations/{org_id}/teams/{team_id}/', json=data)
        return response.json()
    
    def delete_team(self, org_id: str, team_id: str) -> None:
        """Delete a team."""
        self._make_request('DELETE', f'/api/user/organizations/{org_id}/teams/{team_id}/')
    
    # Team Member Management Methods
    def get_team_members(self, org_id: str, team_id: str) -> List[Dict[str, Any]]:
        """List team members."""
        response = self._make_request('GET', f'/api/user/organizations/{org_id}/teams/{team_id}/members/')
        return response.json()
    
    def add_team_member(self, org_id: str, team_id: str, data: Dict[str, Any]) -> Dict[str, Any]:
        """Add a team member."""
        response = self._make_request('POST', f'/api/user/organizations/{org_id}/teams/{team_id}/members/', json=data)
        return response.json()
    
    def remove_team_member(self, org_id: str, team_id: str, user_id: str) -> None:
        """Remove a team member."""
        self._make_request('DELETE', f'/api/user/organizations/{org_id}/teams/{team_id}/members/{user_id}/')


class MemVaultAPIKeyManager:
    def __init__(self, base_url: str, username: str, password: str):
        """
        Initialize the API Key Manager for MemoryVault.
        
        Args:
            base_url: Base URL of the API (e.g., 'http://localhost:8000/')
            username: Username for authentication
            password: Password for authentication
        """
        self.base_url = base_url.rstrip('/')
        self.session = requests.Session()
        self.session.auth = (username, password)
        self.session.headers.update({
            'Content-Type': 'application/json'
        })
    
    def _make_request(self, method: str, endpoint: str, **kwargs) -> requests.Response:
        """Make HTTP request to the API."""
        url = urljoin(self.base_url, endpoint)
        response = self.session.request(method, url, **kwargs)
        response.raise_for_status()
        return response
        
    # Authentication/API Key Management Methods
    def get_api_keys(self) -> Dict[str, Any]:
        """Get user's API keys."""
        response = self._make_request('GET', '/api/auth/api-keys/')
        return response.json()
    
    def regenerate_primary_key(self) -> Dict[str, Any]:
        """Regenerate primary API key."""
        response = self._make_request('POST', '/api/auth/api-keys/regenerate-primary/')
        return response.json()
    
    def regenerate_secondary_key(self) -> Dict[str, Any]:
        """Regenerate secondary API key."""
        response = self._make_request('POST', '/api/auth/api-keys/regenerate-secondary/')
        return response.json()

In [None]:
USER_ADMIN=('admin', 'admin123')
api_key_manager = MemVaultAPIKeyManager('http://localhost:8000/',*USER_ADMIN )
print(api_key_manager.get_api_keys())
print(api_key_manager.regenerate_primary_key())
print(api_key_manager.get_api_keys())

## MemVault Hierarchical Permission System Demo

This demonstration showcases the three-tier memory system:
- **User Memory**: Private to individual users
- **Team Memory**: Shared within teams 
- **Organization Memory**: Accessible across the entire organization hierarchy

### Scenario Setup:
- **Alice**: Member of "Infra" team under "Acme Corp"
- **Bob**: Also in "Infra" team under "Acme Corp" 
- **Charlie**: Member of "DevOps" team under "Acme Corp"
- **Dana**: Organization admin for "Acme Corp"
- **Eve**: Organization admin for "Globex"

### Test Cases:
1. User memory privacy
2. Team memory sharing within team
3. Team memory isolation between teams
4. Organization memory accessibility
5. Permission denied scenarios
6. Non-blocking behavior examples

## Execution Instructions

To run this comprehensive demonstration:

1. **Start the MemVault API server**: Make sure your docker is setup and Django server is running.

2. **Set up test users**: Create the following users in your system:
   - `alice` (password: `alice123`) - Infra team member
   - `bob` (password: `bob123`) - Infra team member  
   - `charlie` (password: `charlie123`) - DevOps team member
   - `dana` (password: `dana123`) - Organization admin
   - `eve` (password: `eve123`) - Organization admin

3. **Run the cells in order**: Execute each cell sequentially to see the complete demonstration

In [None]:
# User Setup and API Key Initialization
import time
import json
from typing import Dict, Any

# Define our 5 test users
USERS = {
    'alice':  'alice123',
    'bob': 'bob123',
    'charlie':'charlie123',
    'dana': 'dana123',  # Org A admin
    'eve': 'eve123'  # Org B admin
}

USER_ID_MAP = {
    'alice': None,
    'bob': None,
    'charlie': None,
    'dana': None,  # Org A admin
    'eve': None  # Org B admin
}

BASE_URL = 'http://localhost:8000'

def setup_user_api_client(username: str, password: str) -> MemoryVaultAPI:
    """Setup API client for a user by getting their API key"""
    global USER_ID_MAP
    try:
        # Get API key using username/password
        key_manager = MemVaultAPIKeyManager(BASE_URL, username, password)
        keys_response = key_manager.get_api_keys()
        USER_ID_MAP[username] = keys_response['id']  # Store user ID for later use

        # Extract primary key
        primary_key = keys_response['primary_key']
        
        # Create API client
        return MemoryVaultAPI(BASE_URL, primary_key)
    except Exception as e:
        print(f"Failed to setup client for {username}: {e}")
        return None

def print_section(title: str):
    """Print a formatted section header"""
    print(f"\n{'='*60}")
    print(f"  {title}")
    print(f"{'='*60}")

def print_step(step: str):
    """Print a formatted step"""
    print(f"\n🔹 {step}")

def print_success(message: str):
    """Print a success message"""
    print(f"✅ {message}")

def print_error(message: str):
    """Print an error message"""
    print(f"❌ {message}")

def print_info(message: str):
    """Print an info message"""
    print(f"ℹ️ {message}")

# Initialize API clients for all users
print_section("INITIALIZING API CLIENTS")
api_clients = {}

for username, password in USERS.items():
    print_step(f"Setting up {username}")
    client = setup_user_api_client(username, password)
    if client:
        api_clients[username] = client
        print_success(f"API client ready for {username}")
    else:
        print_error(f"Failed to setup client for {username}")

print_info(f"Successfully initialized {len(api_clients)} API clients")

In [None]:
# Create Organizations
print(api_clients['dana'].create_organization({'name': 'Acme'}))
print(api_clients['eve'].create_organization({'name': 'Globex'}))

In [None]:
# Organization and Team Setup
print_section("ORGANIZATION AND TEAM SETUP")

# Get organizations for Dana (org admin)
print_step("Getting organizations for Dana")
dana_orgs = api_clients['dana'].get_user_organizations()
print(f"Dana's organizations: {json.dumps(dana_orgs, indent=2)}")

# Assume "Acme Corp" exists or create it
# For this demo, we'll use the first organization or create one
acme_org_id = None
if dana_orgs["count"] > 0:
    acme_org_id = dana_orgs["results"][0]['id']
    print_success(f"Using existing organization: {dana_orgs["results"][0]['name']} (ID: {acme_org_id})")
else:
    print_info("No organizations found - you may need to create one through the admin interface")

if acme_org_id:
    # Get existing teams
    print_step("Getting existing teams in Acme Corp")
    existing_teams = api_clients['dana'].get_organization_teams(acme_org_id)
    print(f"Existing teams: {json.dumps(existing_teams, indent=2)}")
    
    # Look for Infra and DevOps teams
    infra_team_id = None
    devops_team_id = None
    
    for team in existing_teams["results"]:
        if team['name'].lower() == 'infra':
            infra_team_id = team['id']
        elif team['name'].lower() == 'devops':
            devops_team_id = team['id']
    
    # Create teams if they don't exist
    if not infra_team_id:
        print_step("Creating Infra team")
        try:
            infra_team = api_clients['dana'].create_team(acme_org_id, {
                'name': 'Infra',
                'description': 'Infrastructure team responsible for deployment and operations'
            })
            infra_team_id = infra_team['id']
            print_success(f"Created Infra team (ID: {infra_team_id})")
        except Exception as e:
            print_error(f"Failed to create Infra team: {e}")
        print_step("Adding Alice as team member to Infra team")
        try:
            alice_id = USER_ID_MAP['alice']
            api_clients['dana'].add_team_member(acme_org_id, infra_team_id, {'user_id': alice_id})
            print_success(f"Alice added to Infra team (ID: {infra_team_id})")
        except Exception as e:
            print_error(f"Failed to add Alice to Infra team: {e}")
        print_step("Adding Bob as team member to Infra team")
        try:
            bob_id = USER_ID_MAP['bob']
            api_clients['dana'].add_team_member(acme_org_id, infra_team_id, {'user_id': bob_id})
            print_success(f"Bob added to Infra team (ID: {infra_team_id})")
        except Exception as e:
            print_error(f"Failed to add Bob to Infra team: {e}")
            
    
    if not devops_team_id:
        print_step("Creating DevOps team")
        try:
            devops_team = api_clients['dana'].create_team(acme_org_id, {
                'name': 'DevOps',
                'description': 'DevOps team responsible for CI/CD and automation'
            })
            devops_team_id = devops_team['id']
            print_success(f"Created DevOps team (ID: {devops_team_id})")
        except Exception as e:
            print_error(f"Failed to create DevOps team: {e}")
        print_step("Adding Charlie as team member to DevOps team")
        try:
            charlie_id = USER_ID_MAP['charlie']
            api_clients['dana'].add_team_member(acme_org_id, devops_team_id, {'user_id': charlie_id})
            print_success(f"Charlie added to DevOps team (ID: {devops_team_id})")
        except Exception as e:
            print_error(f"Failed to add Charlie to DevOps team: {e}")
    
    # Store team IDs for later use
    TEAM_IDS = {
        'infra': infra_team_id,
        'devops': devops_team_id
    }
    
    print_info(f"Team setup complete:")
    print_info(f"  Acme Corp ID: {acme_org_id}")
    print_info(f"  Infra Team ID: {infra_team_id}")
    print_info(f"  DevOps Team ID: {devops_team_id}")
else:
    print_error("Cannot proceed without organization setup")

In [None]:
# TEST CASE 1: User Memory Privacy
print_section("TEST CASE 1: USER MEMORY PRIVACY")

print_step("Alice creates a personal memory")
alice_personal_memory = {
    "content": "I found a great curl trick: curl --retry 3 --retry-delay 2 https://api.example.com"
}

try:
    alice_memory = api_clients['alice'].create_user_memory(alice_personal_memory)
    alice_memory_id = alice_memory['id']
    print_success(f"Alice created personal memory: {alice_memory['content'][:50]}...")
    print_info(f"Memory ID: {alice_memory_id}")
except Exception as e:
    print_error(f"Alice failed to create personal memory: {e}")

print_step("Alice can read her own memory")
try:
    alice_retrieved = api_clients['alice'].get_user_memory(alice_memory_id)
    print_success(f"Alice retrieved her memory: {alice_retrieved['content'][:50]}...")
except Exception as e:
    print_error(f"Alice failed to retrieve her own memory: {e}")

print_step("Bob tries to access Alice's personal memory (should fail)")
try:
    bob_access_alice = api_clients['bob'].get_user_memory(alice_memory_id)
    print_error(f"SECURITY ISSUE: Bob accessed Alice's personal memory!")
except Exception as e:
    print_success(f"SECURITY WORKING: Bob cannot access Alice's personal memory: {e}")

print_step("Charlie tries to access Alice's personal memory (should fail)")
try:
    charlie_access_alice = api_clients['charlie'].get_user_memory(alice_memory_id)
    print_error(f"SECURITY ISSUE: Charlie accessed Alice's personal memory!")
except Exception as e:
    print_success(f"SECURITY WORKING: Charlie cannot access Alice's personal memory: {e}")

print_step("Dana (org admin) tries to access Alice's personal memory (should fail)")
try:
    dana_access_alice = api_clients['dana'].get_user_memory(alice_memory_id)
    print_error(f"SECURITY ISSUE: Dana accessed Alice's personal memory!")
except Exception as e:
    print_success(f"SECURITY WORKING: Even org admin Dana cannot access Alice's personal memory: {e}")

print_info("User memory privacy test PASSED - only the owner can access their personal memories")

In [None]:
# TEST CASE 2: Team Memory Sharing (Alice posts to Infra team)
print_section("TEST CASE 2: TEAM MEMORY SHARING")

if 'infra_team_id' in globals() and infra_team_id:
    print_step("Alice posts a team memory to Infra team")
    alice_team_memory = {
        "content": "How to deploy our Kubernetes operator: kubectl apply -f operator.yaml && kubectl rollout status deployment/k8s-operator"
    }
    
    try:
        alice_team_mem = api_clients['alice'].create_team_memory(infra_team_id, alice_team_memory)
        alice_team_memory_id = alice_team_mem['id']
        print_success(f"Alice posted to Infra team: {alice_team_mem['content'][:50]}...")
        print_info(f"Team Memory ID: {alice_team_memory_id}")
    except Exception as e:
        print_error(f"Alice failed to post to Infra team: {e}")
        alice_team_memory_id = None
    
    if alice_team_memory_id:
        print_step("Bob (also in Infra team) can access Alice's team memory")
        try:
            bob_team_access = api_clients['bob'].get_team_memory(infra_team_id, alice_team_memory_id)
            print_success(f"Bob accessed team memory: {bob_team_access['content'][:50]}...")
        except Exception as e:
            print_error(f"Bob failed to access team memory: {e}")
        
        print_step("Bob can also list all Infra team memories")
        try:
            bob_team_memories = api_clients['bob'].get_team_memories(infra_team_id)
            print_success(f"Bob can see {len(bob_team_memories.get('results', []))} team memories")
            for memory in bob_team_memories.get('results', []):
                print_info(f"  - {memory['content'][:50]}...")
        except Exception as e:
            print_error(f"Bob failed to list team memories: {e}")
        
        print_step("Charlie (in DevOps team) tries to access Infra team memory (should fail)")
        try:
            charlie_team_access = api_clients['charlie'].get_team_memory(infra_team_id, alice_team_memory_id)
            print_error(f"SECURITY ISSUE: Charlie accessed Infra team memory!")
        except Exception as e:
            print_success(f"SECURITY WORKING: Charlie cannot access Infra team memory: {e}")
        
        print_step("Dana (org admin) can access all team memories")
        try:
            dana_team_access = api_clients['dana'].get_team_memory(infra_team_id, alice_team_memory_id)
            print_success(f"Dana (org admin) accessed team memory: {dana_team_access['content'][:50]}...")
        except Exception as e:
            print_error(f"Dana failed to access team memory: {e}")
    
    print_info("Team memory sharing test PASSED - team members can access, outsiders cannot")
else:
    print_error("Cannot run team memory test - Infra team not set up")

In [None]:
# TEST CASE 3: Organization Memory Accessibility
print_section("TEST CASE 3: ORGANIZATION MEMORY ACCESSIBILITY")

if 'acme_org_id' in globals() and acme_org_id:
    print_step("Dana (org admin) posts an organization-wide memory")
    dana_org_memory = {
        "content": "2025 Annual OKRs: 1) Achieve 99.9% uptime, 2) Reduce deployment time by 50%, 3) Implement zero-trust security"
    }
    
    try:
        dana_org_mem = api_clients['dana'].create_org_memory(acme_org_id, dana_org_memory)
        dana_org_memory_id = dana_org_mem['id']
        print_success(f"Dana posted org memory: {dana_org_mem['content'][:50]}...")
        print_info(f"Org Memory ID: {dana_org_memory_id}")
    except Exception as e:
        print_error(f"Dana failed to post org memory: {e}")
        dana_org_memory_id = None
    
    if dana_org_memory_id:
        print_step("Alice (Infra team) can access organization memory")
        try:
            alice_org_access = api_clients['alice'].get_org_memory(acme_org_id, dana_org_memory_id)
            print_success(f"Alice accessed org memory: {alice_org_access['content'][:50]}...")
        except Exception as e:
            print_error(f"Alice failed to access org memory: {e}")
        
        print_step("Bob (Infra team) can access organization memory")
        try:
            bob_org_access = api_clients['bob'].get_org_memory(acme_org_id, dana_org_memory_id)
            print_success(f"Bob accessed org memory: {bob_org_access['content'][:50]}...")
        except Exception as e:
            print_error(f"Bob failed to access org memory: {e}")
        
        print_step("Charlie (DevOps team) can access organization memory")
        try:
            charlie_org_access = api_clients['charlie'].get_org_memory(acme_org_id, dana_org_memory_id)
            print_success(f"Charlie accessed org memory: {charlie_org_access['content'][:50]}...")
        except Exception as e:
            print_error(f"Charlie failed to access org memory: {e}")
        
        print_step("All users can list organization memories")
        for user_name, client in api_clients.items():
            try:
                user_org_memories = client.get_org_memories(acme_org_id)
                print_success(f"{user_name.capitalize()} can see {len(user_org_memories.get('results', []))} org memories")
            except Exception as e:
                print_error(f"{user_name.capitalize()} failed to list org memories: {e}")
    
    print_info("Organization memory accessibility test PASSED - all org members can access")
else:
    print_error("Cannot run organization memory test - Acme Corp not set up")

In [None]:
# TEST CASE 4: Cross-Team Isolation
print_section("TEST CASE 4: CROSS-TEAM ISOLATION")

if 'devops_team_id' in globals() and devops_team_id:
    print_step("Charlie (DevOps team) posts a DevOps-specific memory")
    charlie_devops_memory = {
        "content": "DevOps CI/CD pipeline config: Use GitHub Actions with automated testing and deployment to staging"
    }
    
    try:
        charlie_devops_mem = api_clients['charlie'].create_team_memory(devops_team_id, charlie_devops_memory)
        charlie_devops_memory_id = charlie_devops_mem['id']
        print_success(f"Charlie posted to DevOps team: {charlie_devops_mem['content'][:50]}...")
        print_info(f"DevOps Team Memory ID: {charlie_devops_memory_id}")
    except Exception as e:
        print_error(f"Charlie failed to post to DevOps team: {e}")
        charlie_devops_memory_id = None
    
    if charlie_devops_memory_id:
        print_step("Alice (Infra team) tries to access DevOps team memory (should fail)")
        try:
            alice_devops_access = api_clients['alice'].get_team_memory(devops_team_id, charlie_devops_memory_id)
            print_error(f"SECURITY ISSUE: Alice accessed DevOps team memory!")
        except Exception as e:
            print_success(f"SECURITY WORKING: Alice cannot access DevOps team memory: {e}")
        
        print_step("Bob (Infra team) tries to access DevOps team memory (should fail)")
        try:
            bob_devops_access = api_clients['bob'].get_team_memory(devops_team_id, charlie_devops_memory_id)
            print_error(f"SECURITY ISSUE: Bob accessed DevOps team memory!")
        except Exception as e:
            print_success(f"SECURITY WORKING: Bob cannot access DevOps team memory: {e}")
        
        print_step("Dana (org admin) can access DevOps team memory")
        try:
            dana_devops_access = api_clients['dana'].get_team_memory(devops_team_id, charlie_devops_memory_id)
            print_success(f"Dana (org admin) accessed DevOps team memory: {dana_devops_access['content'][:50]}...")
        except Exception as e:
            print_error(f"Dana failed to access DevOps team memory: {e}")
        
        print_step("Charlie can access his own DevOps team memory")
        try:
            charlie_own_access = api_clients['charlie'].get_team_memory(devops_team_id, charlie_devops_memory_id)
            print_success(f"Charlie accessed his own DevOps team memory: {charlie_own_access['content'][:50]}...")
        except Exception as e:
            print_error(f"Charlie failed to access his own DevOps team memory: {e}")
    
    print_info("Cross-team isolation test PASSED - teams cannot access each other's memories")
else:
    print_error("Cannot run cross-team isolation test - DevOps team not set up")

In [None]:
# TEST CASE 5: Non-Blocking Behavior
print_section("TEST CASE 5: NON-BLOCKING BEHAVIOR")

import threading
from concurrent.futures import ThreadPoolExecutor, as_completed

def create_memory_async(client, memory_type, *args):
    """Create memory asynchronously"""
    try:
        if memory_type == "user":
            return client.create_user_memory(args[0])
        elif memory_type == "team":
            return client.create_team_memory(args[0], args[1])
        elif memory_type == "org":
            return client.create_org_memory(args[0], args[1])
    except Exception as e:
        return {"error": str(e)}

print_step("Demonstrating concurrent memory creation (non-blocking)")

# Prepare multiple memories to create simultaneously
concurrent_memories = []

# Alice creates multiple user memories
alice_memories = [
    {"content": f"Personal note {i}: Remember to check server logs"}
    for i in range(1, 4)
]

# Bob creates team memories
if 'infra_team_id' in globals() and infra_team_id:
    bob_team_memories = [
        {"content": f"Infra tip {i}: Monitor CPU usage on production servers"}
        for i in range(1, 3)
    ]
    
# Charlie creates DevOps memories
if 'devops_team_id' in globals() and devops_team_id:
    charlie_devops_memories = [
        {"content": f"DevOps process {i}: Automated deployment checklist"}
        for i in range(1, 3)
    ]

# Dana creates org memories
if 'acme_org_id' in globals() and acme_org_id:
    dana_org_memories = [
        {"content": f"Company policy {i}: Security guidelines for remote work"}
        for i in range(1, 3)
    ]

start_time = time.time()

# Execute all memory creations concurrently
with ThreadPoolExecutor(max_workers=10) as executor:
    future_to_user = {}
    
    # Submit Alice's user memories
    for i, memory in enumerate(alice_memories):
        future = executor.submit(create_memory_async, api_clients['alice'], "user", memory)
        future_to_user[future] = f"alice_user_{i+1}"
    
    # Submit Bob's team memories
    if 'infra_team_id' in globals() and infra_team_id:
        for i, memory in enumerate(bob_team_memories):
            future = executor.submit(create_memory_async, api_clients['bob'], "team", infra_team_id, memory)
            future_to_user[future] = f"bob_team_{i+1}"
    
    # Submit Charlie's DevOps memories
    if 'devops_team_id' in globals() and devops_team_id:
        for i, memory in enumerate(charlie_devops_memories):
            future = executor.submit(create_memory_async, api_clients['charlie'], "team", devops_team_id, memory)
            future_to_user[future] = f"charlie_devops_{i+1}"
    
    # Submit Dana's org memories
    if 'acme_org_id' in globals() and acme_org_id:
        for i, memory in enumerate(dana_org_memories):
            future = executor.submit(create_memory_async, api_clients['dana'], "org", acme_org_id, memory)
            future_to_user[future] = f"dana_org_{i+1}"
    
    # Collect results as they complete
    completed_count = 0
    for future in as_completed(future_to_user):
        user_task = future_to_user[future]
        try:
            result = future.result()
            if "error" in result:
                print_error(f"{user_task}: {result['error']}")
            else:
                print_success(f"{user_task}: Created memory '{result['content'][:30]}...'")
            completed_count += 1
        except Exception as e:
            print_error(f"{user_task}: Exception occurred: {e}")
            completed_count += 1

end_time = time.time()
print_info(f"Completed {completed_count} concurrent memory operations in {end_time - start_time:.2f} seconds")
print_info("Non-blocking behavior demonstrated - multiple users can create memories simultaneously")

In [None]:
# TEST CASE 6: Comprehensive Permission Denied Scenarios
print_section("TEST CASE 6: PERMISSION DENIED SCENARIOS")

def test_permission_denied(user_name, client, action_desc, test_func):
    """Test a permission denied scenario"""
    try:
        result = test_func()
        print_error(f"SECURITY ISSUE: {user_name} was able to {action_desc} - this should have failed!")
        return False
    except Exception as e:
        print_success(f"{user_name} correctly denied: {action_desc} - {str(e)[:100]}...")
        return True

print_step("Testing unauthorized access across all scopes")

# Test unauthorized user memory access
if 'alice_memory_id' in globals() and alice_memory_id:
    print_info("🔒 Testing User Memory Access Permissions:")
    
    # Bob tries to access Alice's user memory
    test_permission_denied("Bob", api_clients['bob'], "access Alice's user memory", 
                          lambda: api_clients['bob'].get_user_memory(alice_memory_id))
    
    # Charlie tries to access Alice's user memory
    test_permission_denied("Charlie", api_clients['charlie'], "access Alice's user memory", 
                          lambda: api_clients['charlie'].get_user_memory(alice_memory_id))
    
    # Bob tries to update Alice's user memory
    test_permission_denied("Bob", api_clients['bob'], "update Alice's user memory", 
                          lambda: api_clients['bob'].update_user_memory(alice_memory_id, {"content": "Hacked!"}))
    
    # Charlie tries to delete Alice's user memory
    test_permission_denied("Charlie", api_clients['charlie'], "delete Alice's user memory", 
                          lambda: api_clients['charlie'].delete_user_memory(alice_memory_id))

# Test unauthorized team memory access
if 'alice_team_memory_id' in globals() and alice_team_memory_id and 'infra_team_id' in globals():
    print_info("🔒 Testing Team Memory Access Permissions:")
    
    # Charlie tries to access Infra team memory
    test_permission_denied("Charlie", api_clients['charlie'], "access Infra team memory", 
                          lambda: api_clients['charlie'].get_team_memory(infra_team_id, alice_team_memory_id))
    
    # Charlie tries to update Infra team memory
    test_permission_denied("Charlie", api_clients['charlie'], "update Infra team memory", 
                          lambda: api_clients['charlie'].update_team_memory(infra_team_id, alice_team_memory_id, {"content": "Hacked!"}))
    
    # Charlie tries to delete Infra team memory
    test_permission_denied("Charlie", api_clients['charlie'], "delete Infra team memory", 
                          lambda: api_clients['charlie'].delete_team_memory(infra_team_id, alice_team_memory_id))

# Test unauthorized team creation/management
if 'acme_org_id' in globals() and acme_org_id:
    print_info("🔒 Testing Team Management Permissions:")
    
    # Alice tries to create a team (should fail - only org admin can)
    test_permission_denied("Alice", api_clients['alice'], "create a team", 
                          lambda: api_clients['alice'].create_team(acme_org_id, {"name": "Unauthorized Team"}))
    
    # Bob tries to create a team (should fail - only org admin can)
    test_permission_denied("Bob", api_clients['bob'], "create a team", 
                          lambda: api_clients['bob'].create_team(acme_org_id, {"name": "Another Unauthorized Team"}))

# Test cross-team memory access
if 'charlie_devops_memory_id' in globals() and charlie_devops_memory_id and 'devops_team_id' in globals():
    print_info("🔒 Testing Cross-Team Memory Access Permissions:")
    
    # Alice tries to access DevOps team memory
    test_permission_denied("Alice", api_clients['alice'], "access DevOps team memory", 
                          lambda: api_clients['alice'].get_team_memory(devops_team_id, charlie_devops_memory_id))
    
    # Bob tries to access DevOps team memory
    test_permission_denied("Bob", api_clients['bob'], "access DevOps team memory", 
                          lambda: api_clients['bob'].get_team_memory(devops_team_id, charlie_devops_memory_id))

print_step("Testing successful authorized access (positive cases)")

# Test successful authorized access
if 'alice_memory_id' in globals() and alice_memory_id:
    print_info("Testing Successful User Memory Access:")
    try:
        alice_own_memory = api_clients['alice'].get_user_memory(alice_memory_id)
        print_success(f"Alice successfully accessed her own memory: {alice_own_memory['content'][:50]}...")
    except Exception as e:
        print_error(f"Alice failed to access her own memory: {e}")

if 'alice_team_memory_id' in globals() and alice_team_memory_id and 'infra_team_id' in globals():
    print_info("Testing Successful Team Memory Access:")
    try:
        bob_team_memory = api_clients['bob'].get_team_memory(infra_team_id, alice_team_memory_id)
        print_success(f"Bob successfully accessed Infra team memory: {bob_team_memory['content'][:50]}...")
    except Exception as e:
        print_error(f"Bob failed to access Infra team memory: {e}")

if 'dana_org_memory_id' in globals() and dana_org_memory_id and 'acme_org_id' in globals():
    print_info("Testing Successful Organization Memory Access:")
    try:
        alice_org_memory = api_clients['alice'].get_org_memory(acme_org_id, dana_org_memory_id)
        print_success(f"Alice successfully accessed org memory: {alice_org_memory['content'][:50]}...")
    except Exception as e:
        print_error(f"Alice failed to access org memory: {e}")

print_info("Permission system working correctly - unauthorized access denied, authorized access granted")

#### Some more utility functions usage

In [None]:
alice_dummy_team_mem = api_clients['alice'].create_team_memory(
    infra_team_id, {"content": "This mem0ai is fire bro!"})
alice_dummy_team_mem

In [None]:
api_clients['alice'].update_team_memory(
    infra_team_id, alice_dummy_team_mem['id'], 
    {"content": "This memory shall go in vain."}
)

In [None]:
api_clients['alice'].delete_team_memory(infra_team_id,alice_dummy_team_mem['id'])

In [None]:
api_clients['alice'].get_team_memories(infra_team_id, search="kubectl", page=1, page_size=10)